import { Duration } from "aws-cdk-lib"; import * as dsql from "aws-cdk-lib/aws-dsql"; import { IVpc, SubnetSelection } from "aws-cdk-lib/aws-ec2"; import { IFunction } from "aws-cdk-lib/aws-lambda"; import * as lambda from "aws-cdk-lib/aws-lambda-nodejs"; import { NodejsFunctionProps } from "aws-cdk-lib/aws-lambda-nodejs"; import { IDatabaseCluster, IDatabaseInstance } from "aws-cdk-lib/aws-rds"; import { ISecret } from "aws-cdk-lib/aws-secretsmanager"; import { Construct } from "constructs"; export interface RdsSqlProps { /** * VPC network to place the provider lambda. * * Normally this is the VPC of your database. * Required when your database is only accessible in a VPC. * Not required for DSQL as it uses public endpoints with IAM authentication. * * @default - Function is not placed within a VPC. */ readonly vpc?: IVpc; /** * Where to place the network provider lambda within the VPC. * * @default - the isolated subnet if not specified */ readonly vpcSubnets?: SubnetSelection; /** * Your database cluster or instance. * Supports both traditional RDS/Aurora clusters and DSQL clusters. * - For RDS/Aurora: security groups will be configured to allow access * - For DSQL: IAM authentication will be used instead of secrets */ readonly cluster: IDatabaseCluster | IDatabaseInstance | dsql.CfnCluster; /** * Secret that grants access to your database. * * Usually this is your cluster's master secret. * Not required when relying on IAM authentication (such as DSQL). * * @default - undefined for DSQL clusters using IAM authentication */ readonly secret?: ISecret; /** * Timeout for lambda to do its work. * * @default - 5 minutes */ readonly timeout?: Duration; /** * Log SQL statements. This includes passwords. Use only for debugging. * * @default - false */ readonly logger?: boolean; /** * Additional function customization. * * This enables additional function customization such as the log group. However, * lambda function properties controlled by other {RdsSqlProps} parameters will trump * opions set via this parameter. * * @default - empty */ readonly functionProps?: NodejsFunctionProps; /** * Use SSL? * * @default - true */ readonly ssl?: boolean; } /** * Supported database engines */ export declare enum DatabaseEngine { POSTGRES = "postgres", MYSQL = "mysql", DSQL = "dsql" } export interface IProvider { readonly serviceToken: string; readonly handler: IFunction; readonly secret?: ISecret; readonly engine: string; readonly cluster?: IDatabaseCluster | IDatabaseInstance | dsql.CfnCluster; } export interface ProviderAttributes { /** * Either the ARN or name of the Lambda function. * Use functionArn for cross-account or cross-region scenarios. * Use functionName for same-account, same-region scenarios. */ readonly functionArn?: string; readonly functionName?: string; readonly engine: DatabaseEngine; /** * Optional cluster information for role creation. * * When importing a provider, cluster details are often not available. * However, some operations like role creation require cluster endpoint * information to build connection secrets. * * If you plan to create roles with the imported provider, you must * provide the cluster reference. If you only plan to use existing * roles, databases, schemas, or SQL operations, this can be omitted. */ readonly cluster?: IDatabaseCluster | IDatabaseInstance | dsql.CfnCluster; } export declare class Provider extends Construct implements IProvider { /** * Import an existing provider Lambda function */ static fromProviderAttributes(scope: Construct, id: string, attrs: ProviderAttributes): IProvider; readonly serviceToken: string; readonly secret?: ISecret; readonly handler: IFunction; readonly cluster?: IDatabaseCluster | IDatabaseInstance | dsql.CfnCluster; /** * The engine like "postgres" or "mysql" * * @default - if we cannot determine this "postgres" */ readonly engine: string; constructor(scope: Construct, id: string, props: RdsSqlProps); protected newCustomResourceHandler(scope: Construct, id: string, props: RdsSqlProps): lambda.NodejsFunction; }